Your Data, Your Rules.
The Playnexy Privacy Promise.
We build tools for developers. We believe privacy shouldn't be a maze. This document explains exactly what we collect, why we collect it, and how you control it.
What We Collect, And Why It Matters
Playnexy is a submission and management tool for iOS apps. To function, we process two types of information: data you explicitly provide and data generated through your use of our service.
We do not buy data, sell data, or trade it. Our business model is clear: you pay for the tool, and we provide the service. That alignment keeps our incentives simple and your data safe.
Scenario
A freelance developer in Milan logs in to submit a bug fix update. Playnexy securely transmits the new binary to Apple, logs the submission event, and generates a timestamp for tracking. The developer's credit card info for billing is processed by Stripe, not stored on our servers.
Account & Identity
Name, email address, company. We use this for account creation, support, and essential service communications. Without an email, we can't send you submission confirmations or billing receipts.
App Store Metadata
App titles, descriptions, keywords, screenshots. This is data you provide to Apple; we simply pass it through our systems. It resides on our servers only as long as needed to complete your submission workflow.
Technical & Usage
API call logs, feature engagement (e.g., "used screenshot tool"), error reports. This helps us debug issues and improve performance. It is pseudonymized and aggregated for analytics.
The Technical Safeguards
Privacy isn't just a policy—it's infrastructure. Here’s how we protect your data at every layer.
Encryption & Storage
- In Transit: All data between your browser, our servers, and Apple's API is secured with TLS 1.2+ (industry standard). Your password is hashed with bcrypt.
- At Rest: Data resides in EU-based servers (AWS Frankfurt). Sensitive fields like API keys are encrypted at the database level.
- Backups: Encrypted daily backups are retained for 30 days for disaster recovery, then permanently deleted.
Access & Compliance
- Principle of Least Privilege: Only senior engineers with a strict need can access production systems. All access is logged and audited.
- GDPR Ready: We are fully compliant. You have the right to access, correct, delete, and export your data via your account dashboard.
- Third Parties: We use Stripe for payments and Sentry for error tracking. Both are vetted for GDPR compliance. Full processor list.
What We Don't Do
We do not sell your app metadata or analytics to third parties. We do not use your data to train AI models. We do not request unnecessary permissions (e.g., your location or contacts). If a feature doesn't require it, we don't ask for it.
Your Rights, Our Process
GDPR grants you specific rights over your personal data. Here’s how we handle each request, including the practical trade-offs.
Right to Access
Receive a copy of all data we hold on you.
Our system compiles logs, metadata, and account info. The export is comprehensive but may be large and technical. We don't provide simplified summaries to avoid misinterpretation of raw logs.
You can request exports in JSON or CSV. Our dashboard provides a clear data inventory before export.
Right to Erasure
Request deletion of your account and associated data.
Deletion is immediate for production data, but we retain audit logs (for legal compliance) and anonymized aggregates for 90 days. You cannot request deletion of aggregated analytics that do not identify you.
We provide a clear 30-day grace period for reconsideration. Account closure can be initiated directly from the dashboard with a single click.
Right to Portability
Receive your data in a machine-readable format to move elsewhere.
We provide your metadata and submission history. However, some dynamic context (like real-time build logs) is not included as it is ephemeral and non-personal.
We format exports to be widely compatible with common CRM and dev tools. Contact us for specific format needs.
Transparency Evidence
We believe proof matters more than promises. Here is what we publish to hold ourselves accountable.
Our Security Review
A step-by-step breakdown of our annual penetration testing and infrastructure audit (conducted by an independent Italian firm).
Legal: Data Processing Agreement (DPA)
The full, formal agreement for enterprise clients, covering GDPR Article 28 requirements and liability clauses.
Tracking: Live Cookie Inventory
Not a generic list. See exactly which cookies our dashboard uses, their lifespan, and why they're necessary.
Incident Log
If a breach occurs, we will post it here within 72 hours, per EU law. No history yet.
Contact Our Privacy Officer
For data requests, concerns, or questions about this policy, reach out directly.
Via Roma 42
00184 Roma, Italy
+39 06 1234 5678
Mon-Fri: 9:00-18:00 CET
Prefer a Quick Conversation?
Schedule a 15-minute call with our team to discuss your privacy needs.